Intermediate Certificate R10 or R11

I issued a certificate for my domain and faced the following issues:

  1. The intermediary certificate authority gets changed from R10 to R11. Can anyone explain why it happens, and can we choose the intermediate authority while issuing a certificate through certbot?
  2. In certificates issued from R11, the issued certificate was missing the certificate chain path.

Screenshots of the same have been attached.
I would be thankful for any assistance and guidance to understand these issues.

Yes, the intermediate for an RSA cert is currently R10 or R11.

There is no difference in the "chain path" apart from the different intermediate. Can you explain in more detail what you mean by that?

See: Chains of Trust - Let's Encrypt

You should know that there are also R12-R14 currently available as backups which could be used any time although hopefully not. And, R10/R11 will more shortly retire in favor of new ones. The correct approach is, and always has been, to use the intermediate chain supplied by Let's Encrypt when it issued your cert. That is, you should not be "pinning" an intermediate.

Note also that for ECDSA certs these have their own set of intermediates.

The background for this change is here: New Intermediate Certificates - Let's Encrypt

The API section is good to subscribe to for important notices like this one: Deploying Let's Encrypt's New Issuance Chains

And, no, it is not possible to request a specific intermediate when requesting the cert. This is intentional to ensure that ACME Clients can automatically handle different intermediates being used.

4 Likes

Random.

Nope.

1 Like

Oh, I see your server is configured wrong and sends out the retired R3 cert. You should review your server config so it does not do that. Just use the chain supplied by Certbot.

5 Likes
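The misconfiguration described in the reply above (a leaf served with an intermediate other than the one that issued it, or with no intermediate at all) can be caught before deployment. The script below is an added example, not part of the original thread: the function names and the test certificates built by `make_demo` are constructed for illustration, and it assumes the `openssl` command-line tool is installed.

```shell
# Added example, not from the thread. Checks that a PEM bundle is name-chained:
# each certificate's issuer must equal the subject of the next one in the file.
# split_bundle FILE DIR: write each cert to DIR/cert-N.pem, print the count.
split_bundle() {
  awk -v dir="$2" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }
    END                           { print n + 0 }' "$1"
}

# name_of FIELD FILE: print the subject or issuer DN in RFC 2253 form.
name_of() {
  openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"
}

# check_chain FILE: 0 = names chain, 1 = issuer/subject mismatch,
# 2 = fewer than two certificates (no intermediate in the file).
check_chain() (
  tmp=$(mktemp -d) || exit 3
  count=$(split_bundle "$1" "$tmp")
  rc=0; i=1; [ "$count" -ge 2 ] || rc=2
  while [ "$rc" -eq 0 ] && [ "$i" -lt "$count" ]; do
    issuer=$(name_of issuer "$tmp/cert-$i.pem")
    subject=$(name_of subject "$tmp/cert-$((i + 1)).pem")
    if [ -z "$issuer" ] || [ "$issuer" != "$subject" ]; then
      echo "cert $i issuer '$issuer' != cert $((i + 1)) subject '$subject'" >&2
      rc=1
    fi
    i=$((i + 1))
  done
  rm -rf "$tmp"; exit "$rc"
)

# make_demo DIR: CONSTRUCTED test data. Two self-signed stand-ins for a current
# and a retired intermediate, plus a leaf signed by the current one.
make_demo() (
  cd "$1" || exit 1
  for ca in current retired; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$ca.key" \
      -out "$ca.pem" -subj "/CN=Constructed $ca intermediate" 2>/dev/null || exit 1
  done
  openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=example.test" 2>/dev/null || exit 1
  openssl x509 -req -in leaf.csr -CA current.pem -CAkey current.key \
    -CAcreateserial -days 1 -out leaf.pem 2>/dev/null || exit 1
  cat leaf.pem current.pem > good-fullchain.pem    # chain as issued
  cat leaf.pem retired.pem > stale-fullchain.pem   # leaf + outdated intermediate
)
```

The comparison is on names only; it does not verify signatures or expiry. On a Certbot host the file to check is the `fullchain.pem` that Certbot wrote for the certificate, since that is the file the server should be pointed at.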

Thank you so much for the frequent reply, I'll check the config.

3 Likes
